This tool enables the management of an entity’s processing operations in the following aspects: management of the Records of Processing Activities, generation of the Inventory of Processing Operations and the minimum bases for initiating risk analysis and management activities within the scope of the GDPR, generation of reports and management and local storage of data. No information or copies are transmitted to or stored at the AEPD.
This is a decision-support tool, not a comprehensive tool. It is a starting point for carrying out the risk management process and, where appropriate, the Data Protection Impact Assessment. It should be completed and analyzed, and the actions implemented in the organization, by the staff controller for the processing and, where appropriate, the processor, taking into account the nature, scope, context and purposes of the processing for each processing of personal data intended to be carried out.
The reports generated have the character of supporting documents for the implementation of risk management, and in no case substitute or replace the actions to be taken by controllers and processors.